VYPR

npm package

pug

pkg:npm/pug

Vulnerabilities (2)

  • CVE-2024-36361MedMay 24, 2024
    affected < 3.0.3fixed 3.0.3

    Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and t

  • CVE-2021-21353Mar 3, 2021
    affected < 3.0.1fixed 3.0.1

    Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug temp